<?php

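	// Send a private message from the logged-in member to another member, then
	// trigger the mobile and e-mail notifications and redirect to the inbox.
	//
	// Inputs : $_POST['touser'], $_POST['subject'], $_POST['message'] (all untrusted)
	//          $_SESSION['username'] (the sender)
	// Outputs: one row in `messages`, the two notification includes, and either a
	//          redirect to the inbox or a plain-text error.
	//
	// NOTE(review): no anti-CSRF token is checked anywhere in this script. Confirm
	// whether the calling form or frame layer enforces one.

	// Silence anything session_start() may report, then go back to reporting
	// fatal errors only (level 1 is E_ERROR).
	error_reporting(0);
	session_start();
	error_reporting(1);

	// Refuse to act without an authenticated sender. Otherwise a request with no
	// session would store a message whose fromuser is empty.
	if ( !isset($_SESSION['username']) || !is_string($_SESSION['username']) || $_SESSION['username'] === '' )
	{
		header("HTTP/1.1 403 Forbidden");
		echo "You must be logged in to send a message.";
		exit;
	}
	$username = $_SESSION['username'];

	// Read the form fields defensively: a missing key or an array value
	// (e.g. touser[]=x) is treated as an empty string instead of reaching addslashes().
	$touser = ( isset($_POST['touser']) && is_string($_POST['touser']) ) ? $_POST['touser'] : '';
	$subject = ( isset($_POST['subject']) && is_string($_POST['subject']) ) ? $_POST['subject'] : '';
	$message = ( isset($_POST['message']) && is_string($_POST['message']) ) ? $_POST['message'] : '';

	// Every value interpolated into SQL below is escaped, including the recipient
	// and the sender, which previously went into both queries raw.
	// NOTE(review): addslashes() is not aware of the connection character set. If
	// PinSQL exposes prepared statements or a driver-level escape, use that instead.
	$touser_safe = addslashes($touser);
	$username_safe = addslashes($username);
	$subject_safe = addslashes($subject);
	$message_safe = addslashes($message);

	require_once "../common/PinSQL.obj";
	$pinSQL = new PinSQL();

	$pinSQL->Query("SELECT * FROM members WHERE username='$touser_safe'");
	if ( $row = $pinSQL->FetchNextRow() )
	{
		// the user exists

		// NOTE(review): subject and message are stored as submitted. Whatever
		// renders the inbox must HTML-escape them on output.
		$pinSQL->Query("INSERT INTO messages
		(fromuser, touser, subject, message)
		VALUES('$username_safe', '$touser_safe', '$subject_safe', '$message_safe')
		");

		// mobile notification
		// mobile_notify.php runs in this scope; presumably it reads $pinSQL,
		// $message, $subject and $id. Verify against that file.
		$subject = " Pin Project message from $username! ";
		$id = $row['id'];
		include "mobile_notify.php";

		// email notification
		// Fall back to the username when both profile name fields are empty.
		$realname = $pinSQL->GetUserField($username, "firstname") . " " . $pinSQL->GetUserField($username, "lastname");
		if ($realname === " ")
		{
			$realname = $username;
		}
		// NOTE(review): $realname is member-supplied profile data placed in the
		// mail subject. Confirm email_notify.php rejects CR/LF in header values.
		$subject = "$realname sent you a message on The Pin Project...";
		// NOTE(review): stripslashes() only makes sense if $message arrives already
		// slash-escaped (legacy magic_quotes_gpc). On raw input it drops literal
		// backslashes from the quoted text. TODO confirm and remove if not needed.
		$messageEmail = "$realname sent you a message:"
		. "\n\n\"" . stripslashes($message) . "\""
		. "\n\n___________________________________"
		. "\nVisit the Pin Project: http://www.pinproject.com"
		. "\nYou are receiving this message because e-mail notifications are turned on. You can turn them off in your profile settings.";
		include "email_notify.php";

		// Stop after the redirect so nothing further can run or be emitted.
	 	header ("Location: frame.php?page=inbox");
		exit;

	} else {

		echo "That user does not exist. Did not send message.";
	}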
  		
?>